I Was Hacked in 2014 and I'm Still Feeling the Effects

Or, how I'm the star of the world’s most boring Kafka novel now.

On New Year’s Day 2014, I woke up to find three emails from Sony, thanking me for my purchases of in-game points for FIFA 14, totalling £30. This was smart timing from the hacker, because my first thought wasn’t “oh no, someone’s gained illicit access to my PSN account!”. It was “surely I wasn’t that drunk?” After confirming with a friend that, yes, I had been that drunk but no, I hadn’t insisted on playing Ultimate Team on New Year’s Eve, I changed my PSN password, deleted my card details from the account, and contacted Sony about the situation. Several days later, Sony asked me to call them, I was assured nothing like this would happen again, and my money was returned. Job done.

Five years later, this minor inconvenience has led me to become the star of the most boring Kafka novel never written.

Chapter 1 - The Man Who Disappeared

Recently, I saw that Twitch Prime was offering free rewards for Apex Legends. My Twitch Prime is pre-linked to my PSN account and, in a few keystrokes, was connected to my EA account too. Loot claimed. But, 15 minutes later, said loot hadn’t materialised. The Internet suggested that while Twitch could be linked to PSN and EA accounts, the same PSN account could be linked to an entirely different EA account, which would have caused the problem.

But I’ve had the same email address since I was 13, and I couldn’t think of any reason why I’d have created an EA account with another. I logged into my EA account and, sure enough, it was only linked to my Xbox Gamertag - no sign of PSN. But Apex had never asked me to sign in, implying my PSN was linked somewhere. Weirdly (at least in the case of Apex), the game also doesn’t seem to tell you what EA account you’re logged into anywhere.

I then read that - for no fathomable reason - the only way of logging into an EA account using your PSN account (rather than the email and password it was created with) was on a completely separate EA Help website - and that’s when I met R321G2B.

Before now, I’d never bothered to wonder why someone would buy FIFA points on my account. I’ve never done it myself – Ultimate Team is a festival of pain for a player as shit as me, so I don’t feel much urge to pay for it. Looking at similarly confused forum posts from the time (a lot of this was apparently going on back then), it seems the intention was either to transfer the points themselves to another account, or buy Ultimate Team player packs, open them, and gift the contents to another account.

Whatever the reasoning, that could only be achieved by using a linked EA account. So my hacker had created one, catchily named it R321G2B and linked it to my briefly compromised PSN profile. Unbeknownst to me, it has remained linked for half a decade, meaning every EA game I’ve logged into on PS4 since FIFA 14 has automatically hooked up the phony account.

Never mind, I thought, I’ll just unlink it and chalk this up to experience. I was logged into the fraudulent EA account anyway, so it seemed a pretty easy solution. How childish, how ignorant I was.

By the way, I seem to have had a similar problem in 2016, and completely forgotten about it.

Chapter 2 - The Trial

EA doesn’t allow you to choose the account you log into when you start up a game for the first time; it just finds your linked account and does it for you. This should be a time-saving function, but in my case, it bypasses any opportunity to link to an account not created by a greedy FIFA hackerman from the past. I tried to change the email associated with the fake EA account (a throwaway created on Chinese messaging service QQ) but, despite being logged in, it asks for a password before you do so - a password my hacker had also set up.

In fact, there is no manual option to unlink an account - brilliantly, the entirety of the EA Help website’s section on unlinking an account reads: “It isn't possible for you to unlink your gamertag” (this seems to be EA using ‘gamertag’ as a catch-all term for any game platform account).

OK, I lied. It also tells you to contact EA if you think your account is compromised. So I did. My first port of call was to use my legitimate EA account to get in touch, to explain the situation in detail, and ask if a PSN account could be relinked. My thinking was that if I could prove I owned both the PSN account, and the EA account, they could see that ol’ R321G2B was the outlier, begin investigating, and possibly merge the two accounts. After a couple of attempts it became clear that I couldn’t provide enough info to make that stick and, in the case of one phone support operative, that they definitely thought I was the hacker.

Well, Sony helped last time, why not try them? Sadly, a nice man on the phone told me that account linking goes one way, and nothing could be done about the problem from Sony’s end. He also told me that the 2014 emails I was referring to - to prove that my account had been compromised - were so old that they no longer existed on Sony’s database. Someone once said that the Internet is written in ink, but she didn’t mention that what it’s written on is apparently more liable to disintegrate than the Dead Sea Scrolls. All of this dampened my spirits about proving anything to EA.

Even so, I tried a new tack, attempting a support request through the fake account. I went for the nuclear option and asked for it to be deleted entirely, presumably allowing me to then relink my PSN ID to a new account. The response I got is still baffling to me as I type it. After being told that a link between PSN and EA is “permanent”, this is what I was told:

“And by the way, deleting the account means deleting the whole account in general and not only the EA Account but the PSN ID, game progress and games connected to it.”

I don’t really know what to make of that. I don’t know if that’s just a hurriedly written bit of chat support, but it seems like I’m being told that the link between EA and PSN is so unbelievably intrinsic that to try and stop it is to destroy both sides. I said this was the nuclear option, but according to EA, it’s actually very small-scale Mutually Assured Destruction.

I phoned Sony back to see what their take was on that bit of information. I can’t really capture how confused that customer rep sounded, but after they recovered, the words used were “that is completely wrong” (Sony’s take is that you may lose in-app purchases, but your PSN ID and games are safe). Anyway, all of this is moot, because EA officially still didn’t believe I was who I said I was.

Chapter 3 - The Castle

So, the position I was in was this:

I can prove that I own the PSN account, which I can use to log into an EA account, but I can’t prove I own that EA account without signing into an email account that I don’t own.

I can show emails that acknowledge my PSN account was compromised, but Sony can’t officially acknowledge that I’m telling the truth.

I have access to every account I need, but I can’t use any of them to get what I want.

To top it all off, all I actually want are a few f**cking Apex Packs - and I could almost certainly have earned more of them by just playing the game for the amount of time I’ve put into trying to solve all this.

I had become customer satisfaction’s Josef K.; knowing intrinsically that I’m in the right, but with no way of proving that was so, and a judge who steadfastly will not believe me no matter what I do.

Honestly, I don’t really blame EA or Sony for this (at least not now: I’d like to apologise to the customer support agent who had to listen to me shout “this is pathetic” to the echoes of the IGN UK fire escape earlier this week). Both could do certain things better from my perspective - EA could probably not insist on a link being permanent when compromised accounts are a sadly common occurrence, and Sony could maybe not erase customer emails about identity theft - but the majority of issues here stem from genuinely robust account security measures.

My case is weird, and most of the problems I’m having are based simply on how weird it is. The systems aren’t built to help someone in my position, because there probably aren’t many in that position, and we seemingly create wrinkles where systems usually run smoothly. The trick, as it turns out, is just to act like you aren’t a weird case. Spoiler: I got access to the account.

I couldn’t prove that R321G2B isn’t me. I couldn’t have him removed, or merged, or deleted. The final option was perhaps the most terrifying, and I have had to overcome my own principles to make it happen. I have become R321G2B.

Chapter 4 - The Metamorphosis

It was weirdly simple. The same chat advisor who told me about the (incorrect) policy of account deletion told me I might get what I want by asking to just have the email changed. I got in touch and explained my situation, but it quickly became clear that all I had to do was pretend not to be someone who, during the Obama administration, had a compromised account linked to a fraudulent account and hadn’t noticed for all this time. All I actually needed to do was pretend I was R321G2B and had lost access to my email address. That’s what the system was built for. The system works for R321G2B.

To be fair to EA, they still required a battery of information from me, and a test that involved messaging my PSN account to prove I was there, and on the same IP address I had listed. It’s comprehensive and, at least in my lay perspective, secure. I don’t feel like anything’s gone wrong - the world’s just a bit strange. To that point about strangeness: In a final, weird, Kafka connection, the man who solved this for me is referred to by EA Help only as “Tim V”. Thanks Tim V.

So, inconveniently but satisfyingly, I have two EA accounts now. I’m Joe Skrebels, and I’m R321G2B. Amazingly, to make that so I’ve had to make a throwaway email that I can access - in becoming R321G2B, I had to adopt their methods too. Don’t take this as a moral - I’m too tired for morals. EA, legally speaking, probably wouldn’t want you to take this as a tips guide either. And it’s certainly not a warning, because I’m guessing few will have this problem. Honestly, I just wanted to write all this down, because I’ve been going quietly mad for two weeks and it feels good to put all of this in order on a page, under my own control.

Now I just have to get in touch with Twitch customer support and explain all of this to them so that they give those Apex Packs to the right account. Let’s see how that goes.

Joe Skrebels is IGN's UK Deputy Editor, and he kind of wishes this was a story about Square Enix so that he could have written 'Kefka-esque'. Ah well. Follow him on Twitter.